- djm@cvs.openbsd.org 2011/06/22 21:57:01
     [servconf.c servconf.h sshd.c sshd_config.5 sandbox-rlimit.c]
     [sandbox-systrace.c sandbox.h configure.ac Makefile.in]
     introduce sandboxing of the pre-auth privsep child using systrace(4).

     This introduces a new "UsePrivilegeSeparation=sandbox" option for
     sshd_config that applies mandatory restrictions on the syscalls the
     privsep child can perform. This prevents a compromised privsep child
     from being used to attack other hosts (by opening sockets and proxying)
     or probing local kernel attack surface.

     The sandbox is implemented using systrace(4) in unsupervised "fast-path"
     mode, where a list of permitted syscalls is supplied. Any syscall not
     on the list results in SIGKILL being sent to the privsep child. Note
     that this requires a kernel with the new SYSTR_POLICY_KILL option.

     UsePrivilegeSeparation=sandbox will become the default in the future
     so please start testing it now.

     feedback dtucker@; ok markus@
10 files changed
tree: 6eb76b4632b7c131e0fbb52d8ce7cccf658b6bfa